From: Jordon Bedwell on
On 7/26/10 4:38 PM, Boyd Stephen Smith Jr. wrote:
> Not according to the relevant standards.
>
> 1Mb = 1 000 000 bits
> 1MB = 1 000 000 bytes
> 1Mib = 2 ^ 20 bits
> 1MiB = 2 ^ 20 bytes
>
> http://en.wikipedia.org/wiki/SI_prefix
> http://en.wikipedia.org/wiki/Binary_prefix
> http://en.wikipedia.org/wiki/Timeline_of_binary_prefixes
> http://physics.nist.gov/cuu/Units/binary.html
> http://physics.nist.gov/cuu/Units/prefixes.html

You need to explain to people what these values actually mean,
technically both of you are right, but neither of you understand how or
where you are right, apparently (not saying you do or don't, just adding
apparently because it seems this way.) In memory calculations yes the
following table applies AKA base-two meaning:

1 megabyte (MB) = 8,388,608 bits
1 megabit (Mb) = 1,048,576 bits
1 mebibyte (MiB) = 8,388,608 bits
1 mebibit (Mib) = 1 048 576 bits


1 megabyte (MB) = 1,048,576 bytes
1 megabit (Mb) = 131,072 bytes
1 mebibyte (MiB) = 1,048,576 bytes
1 mebibit (Mib) = 131,072 bytes

The reason some major companies (that don't like to play the line of
politically-correct or politically-incorrect or you're an idiot or you
should learn to computer foo) switched to measuring in MiB for storage
is because people think that base-two meaning is the correct measurment
for storage, when according to standards yes Mega means a million
(10^6). As a matter of fact, most computer scientists still readily and
unreliably use base-two meaning (2^20) for measurement :/

The IEC added some terms (KiB, MiB, GiB, TiB, PiB, EiB) to ease the
confusion (which nobody outside of the computer industry noticed) which
does use the base 2 calculations and not base 10. So when you think hard
drive, think 10^6 when you think computer memory think 2^20. When you
think, blame Americans, this is one thing you truly can blame on us.


--
To UNSUBSCRIBE, email to debian-user-REQUEST(a)lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster(a)lists.debian.org
Archive: http://lists.debian.org/4C4E1826.4040203(a)envygeeks.com
From: Dotan Cohen on
On Sat, Jul 17, 2010 at 10:06, Sthu Deus <sthu.deus(a)gmail.com> wrote:
> Good day.
>
> I have 3 questions on virus/spy-ware detection and detection technique.
>
> 1. Which software (may that is even packaged for Debian) is the best at
> Your opinion and why for virus/spy-ware (the software that scans for
> interesting data and sends it to some host) detection?
>

chkrootkit

> 2. What's the technique of scanning for the malicious software? - As I
> can understand it should be absolutely trustworthy and at the same time
> - up-to-date (the bases it uses) - so, should I have a separate HDD for
>  the goal that stands most the time separately (on a shelf), updating
>  alone in computer, then again removed and being used only as a
>  primary disk for scanning attached disks - as the secondary? Or there
>  is more easy to perform way of accomplishing this?
>

man chkrootkit


> 3. Is it possible to scan for this very purposes (virus & spy-ware) the
> distro CD/DVD -s - as it is from the media, without explicit manual
> unpacking - to be sure the software is OK (in case when check sums are
> not available OR it is impossible for some reasons to re-download the
> images)?
>

man md5sum

--
Dotan Cohen

http://gibberish.co.il
http://what-is-what.com


--
To UNSUBSCRIBE, email to debian-user-REQUEST(a)lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster(a)lists.debian.org
Archive: http://lists.debian.org/AANLkTin643bGL1GNt8bQ42TLPCGtNOPO38iKUA-oGF6n(a)mail.gmail.com
From: Rob Owens on
On Mon, Jul 26, 2010 at 08:34:23PM +0700, Sthu Deus wrote:
> Thank You for Your time and answer, Rob:
>
> > That's about as official
> > as you can get without a Debian release manager being in charge of
> > it, I guess.
>
> What difference does it make in sense of security?
>
I've had a busy week. I think we were talking about Live images of
Debian Testing, right?

These images are made periodically. I don't know if any particular
schedule is followed. Security updates can be added via aptitude if you
use "persistence". Persistence lets you save changes to your live
system to a USB stick, for instance. (In fact, the whole live system
can run off of a USB stick instead of a CD).

All this means that security updates are the same for the normal Testing
distro. Exactly what state that is in currently, I'm not sure. There
is/was an official security team for Testing, but I know it had a rough
period recently. I don't think timely security updates for Testing are
guaranteed right now, but I could be wrong.

One thing about the Debian Live systems is that the kernel cannot be
upgraded via apt-get or aptitude. A new image has to be built in order
to get the latest kernel.

If you are asking about security in the sense of "can I trust these
images", I don't have a clear answer for you. The author is a Debian
developer. He has earned some degree of trust in order to get to that
position. Do his live-helper packages receive scrutiny from the Debian
team before being admitted into the repositories -- scrutiny that his
Live images do not receive because they aren't released through official
Debian channels? I don't know the answer to that. If you are concerned
about that, though, you can build your own images using the live-helper
package on your Debian system. You can even use a Lenny system to build
a Squeeze image if you want.

I know there have been some comments in another thread that you are
being too paranoid. I get what you're after, though. GPG calls it
web of trust. If you can't personally verify that something/somebody is
trustworthy, maybe you can find somebody you trust who can verify for
you.

I hesitate to profess trust for things that I haven't personally
verified. I've used a premade Live image before, and nothing bad
happened, but I won't tell you that it is safe because I really don't
know that for sure. I believe it, but I don't know it.

"Trust me" is a phrase best left in the closed source world, in my
opinion.

-Rob
From: Andrei Popescu on
On Lu, 26 iul 10, 21:04:12, Rob Owens wrote:
> On Mon, Jul 26, 2010 at 08:34:23PM +0700, Sthu Deus wrote:
> > Thank You for Your time and answer, Rob:
> >
> > > That's about as official
> > > as you can get without a Debian release manager being in charge of
> > > it, I guess.
> >
> > What difference does it make in sense of security?
> >
> I've had a busy week. I think we were talking about Live images of
> Debian Testing, right?

No

Regards,
Andrei
--
Offtopic discussions among Debian users and developers:
http://lists.alioth.debian.org/mailman/listinfo/d-community-offtopic
From: Andrei Popescu on
On Ma, 27 iul 10, 10:00:30, Andrei Popescu wrote:
> On Lu, 26 iul 10, 21:04:12, Rob Owens wrote:
> > On Mon, Jul 26, 2010 at 08:34:23PM +0700, Sthu Deus wrote:
> > > Thank You for Your time and answer, Rob:
> > >
> > > > That's about as official
> > > > as you can get without a Debian release manager being in charge of
> > > > it, I guess.
> > >
> > > What difference does it make in sense of security?
> > >
> > I've had a busy week. I think we were talking about Live images of
> > Debian Testing, right?
>
> No

Oops, wrong thread...

Regards,
Andrei
--
Offtopic discussions among Debian users and developers:
http://lists.alioth.debian.org/mailman/listinfo/d-community-offtopic